var-201808-0004
Vulnerability from variot
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0004", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.10", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.6", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.4", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.16", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.20", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.17", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.9", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.18", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.12", }, { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.23", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.19", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.0", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.4.2", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.4.7", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.11", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.2", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.8", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.4.1", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.4.3", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.14", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.9", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.12", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.23", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.31", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.27", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.25", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.4", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.20", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.22", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.18", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.16", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.13", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.3", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.21", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.29", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.6", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.15", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.26", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.17", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.10", }, { model: "http server", scope: "eq", trust: 1, vendor: "apache", version: "2.2.24", }, { model: "webotx", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "hitachi it operations director", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/integrated management", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus developer", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/service support", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "istorage", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "ucosminexus service architect", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "hitachi application server", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/operations analytics", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/it desktop management - manager", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/it desktop management", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus primary server", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "simpwright", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "spoolserverシリーズ", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "ucosminexus developer light", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "job management partner 1/it desktop management", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "cosminexus http server", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "mailshooter", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "ucosminexus developer standard", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus application server standard", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus application server enterprise", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "csview", scope: null, trust: 0.8, vendor: "日本電気", version: null, }, { model: "job management partner 1/performance management - web console", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/automatic job management system 3", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "hitachi application server for developers", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus service platform", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "http server", scope: null, trust: 0.8, vendor: "apache", version: null, }, { model: "job management partner 1/it desktop management - manager", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus application server smart edition", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "job management partner 1/integrated management", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "ucosminexus application server", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/automatic operation", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "jp1/performance management", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "hitachi web server", scope: null, trust: 0.8, vendor: "日立", version: null, }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.23", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.20", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.18", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.17", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.16", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.12", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.10", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.31", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.27", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.26", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.25", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.24", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.23", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.15", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.14", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.13", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.12", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.11", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.10", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.9", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.8", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.6", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.5", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.4", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.3", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.2", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.9", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.7", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.6", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.3", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.2", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.1", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.29", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.22", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.21", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.20", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.19", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.18", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.17", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.16", }, { model: "apache", scope: "ne", trust: 0.3, vendor: "apache", version: "2.4.25", }, { model: "apache", scope: "ne", trust: 0.3, vendor: "apache", version: "2.2.32", }, ], sources: [ { db: "BID", id: "105093", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Sergey Bobrov", sources: [ { db: "BID", id: "105093", }, ], trust: 0.3, }, cve: "CVE-2016-4975", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2016-4975", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "VENDOR", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2016-008607", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2016-4975", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "High", attackVector: "Network", author: "VENDOR", availabilityImpact: "None", baseScore: 4, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2016-008607", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-4975", trust: 1, value: "MEDIUM", }, { author: "VENDOR", id: "JVNDB-2016-008607", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201808-445", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2016-4975", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2016-4975", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). \nAttackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust", sources: [ { db: "NVD", id: "CVE-2016-4975", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "BID", id: "105093", }, { db: "VULMON", id: "CVE-2016-4975", }, ], trust: 1.98, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-4975", trust: 3.6, }, { db: "BID", id: "105093", trust: 1.9, }, { db: "JVN", id: "JVNVU99304449", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2016-008607", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2019.1415", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201808-445", trust: 0.6, }, { db: "VULMON", id: "CVE-2016-4975", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2016-4975", }, { db: "BID", id: "105093", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, id: "VAR-201808-0004", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.206875005, }, last_update_date: "2024-11-23T20:51:26.283000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "hitachi-sec-2018-103", trust: 0.8, url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743", }, { title: "Apache HTTP Server Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83901", }, { title: "Red Hat: CVE-2016-4975", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-4975", }, { title: "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182186 - Security Advisory", }, { title: "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182185 - Security Advisory", }, { title: "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=38227211accce022b0a3d9b56a974186", }, { title: "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182486 - Security Advisory", }, { title: "", trust: 0.1, url: "https://github.com/tom-riddle0/CRLF ", }, { title: "Pentest-Cheetsheet", trust: 0.1, url: "https://github.com/MrFrozenPepe/Pentest-Cheetsheet ", }, { title: "DC-3-Vulnhub-Walkthrough", trust: 0.1, url: "https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough ", }, { title: "DC-2-Vulnhub-Walkthrough", trust: 0.1, url: "https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough ", }, { title: "DC-1-Vulnhub-Walkthrough", trust: 0.1, url: "https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough ", }, { title: "", trust: 0.1, url: "https://github.com/hrbrmstr/internetdb ", }, { title: "", trust: 0.1, url: "https://github.com/SecureAxom/strike ", }, { title: "", trust: 0.1, url: "https://github.com/imhunterand/hackerone-publicy-disclosed ", }, { title: "Basic-Pentesting-2-Vulnhub-Walkthrough", trust: 0.1, url: "https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough ", }, { title: "", trust: 0.1, url: "https://github.com/bioly230/THM_Skynet ", }, { title: "Basic-Pentesting-2", trust: 0.1, url: "https://github.com/vshaliii/Basic-Pentesting-2 ", }, { title: "", trust: 0.1, url: "https://github.com/NikulinMS/13-01-hw ", }, ], sources: [ { db: "VULMON", id: "CVE-2016-4975", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-93", trust: 1, }, { problemtype: "Data processing (CWE-19) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03908en_us", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20180926-0006/", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/105093", }, { trust: 1.3, url: "https://httpd.apache.org/security/vulnerabilities_24.html#cve-2016-4975", }, { trust: 1, url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://httpd.apache.org/security/vulnerabilities_22.html#cve-2016-4975", }, { trust: 1, url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu99304449/index.html", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2016-8743", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4975", }, { trust: 0.6, url: "httpd.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.", }, { trust: 0.6, url: "httpd.apache.org/security/vulnerabilities_22.html#cve-2016-4975", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.", }, { trust: 0.6, url: "httpd.apache.org/security/vulnerabilities_24.html#cve-2016-4975", }, { trust: 0.6, url: "http://www.ibm.com/support/docview.wss?uid=ibm10715641", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/79678", }, { trust: 0.3, url: "http://www.apache.org/", }, ], sources: [ { db: "BID", id: "105093", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2016-4975", }, { db: "BID", id: "105093", }, { db: "JVNDB", id: "JVNDB-2016-008607", }, { db: "CNNVD", id: "CNNVD-201808-445", }, { db: "NVD", id: "CVE-2016-4975", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-14T00:00:00", db: "VULMON", id: "CVE-2016-4975", }, { date: "2018-08-14T00:00:00", db: "BID", id: "105093", }, { date: "2017-06-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-008607", }, { date: "2018-08-14T00:00:00", db: "CNNVD", id: "CNNVD-201808-445", }, { date: "2018-08-14T12:29:00.220000", db: "NVD", id: "CVE-2016-4975", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2016-4975", }, { date: "2018-08-14T00:00:00", db: "BID", id: "105093", }, { date: "2023-06-29T00:58:00", db: "JVNDB", id: "JVNDB-2016-008607", }, { date: "2021-06-07T00:00:00", db: "CNNVD", id: "CNNVD-201808-445", }, { date: "2024-11-21T02:53:20.620000", db: "NVD", id: "CVE-2016-4975", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201808-445", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cosminexus HTTP Server and Hitachi Web Server Vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2016-008607", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "injection", sources: [ { db: "CNNVD", id: "CNNVD-201808-445", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.